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What is claimed: 

1 . A method for sending data through a provider network from an originating 
network to a destination network in a virtual private network (VPN), the method 
comprising: 

encapsulating data link layer data from the originating network in a network 
layer packet; 

determining whether a data link layer address of a destination device in the 
destination network is mapped to a network layer address of an egress line interface 
in the provider network; and 

when the destination device address is not mapped to the egress Ime interface 
address, broadcasting the network layer packet to a multicast address associated with 
the VPN. 

2. The method for sending data through a provider network according to claim 

1, further comprising: 

when the destination device address is mapped to the egress line interface 
address, based on a previous transmission from the destination device, unicasting the 
network layer packet to egress line interface address. 

3 . The method for sending data through a provider network according to claim 

2, further comprising 

adding a VPN identification number corresponding to the VPN to the network 
layer packet; 

verifying the VPN identification number after the egress line interface receives 
the network layer packet; and 

decapsulating the data layer link data from the network layer packet only when 
the VPN identification number is verified. 
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4. A method for providing broadband access to a virtual private network 
(VPN), the VPN comprising a plurality of local area networks (LANs) configured to 
interface with an IPv6 service provider network through broadband access links, the 
method comprising: 

encapsulating a LAN frame from an originating LAN of the VPN in an IPv6 
packet of the service provider network; 

adding a VPN identification number corresponding to the VPN to the IPv6 
packet; 

routing the IPv6 packet through the service provider network; 
verifying the VPN identification number; 

decapsulating the LAN frame when the VPN identification number is verified; 

and 

transmitting the decapsulated LAN frame to the destination LAN. 

5. The method for providing broadband access to the VPN according to claim 
4, fiirther comprising discarding the IPv6 packet when the VPN identification number 
is not verified. 

6. The method for providing broadband access to the VPN according to claim 
4, in which the IPv6 packet includes an IPv6 address of an ingress line interface, 
which receives the LAN frame, as a source address and an IPv6 address of an egress 
line interface, to which the IPv6 packet is routed for verification, as a destination 
address. 

7. The method for providing broadband access to the VPN according to claim 
4, in which the IPv6 packet includes the VPN identification number in an optional 
header extension. 
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8. The method for providing broadband access to the VPN according to claim 
7, in which the VPN identification number is included in a multiple of four octets of 
the optional header extension, 

9. The method for providing broadband access to the VPN according to claim 
7, in which the optional header extension further identifies a destination option type, 
the method further comprising discarding the IPv6 packet when the egress line 
interface does not recognize the destination option type in the optional header 
extension. 

10. The method for providing broadband access to the VPN according to claim 
7, in which the optional header extension further identifies a VPN hop number, which 
indicates a number of line interfaces that transmit the IPv6 packet. 

1 1 . The method for providing broadband access to the VPN according to claim 
4, further comprising: 

determining whether an address of a destination device in the destination LAN 
is mapped to the egress line interface; 

when the address of the destination device is not mapped to the egress 
interface, broadcasting the IPv6 packet to a multicast address associated with the 
VPN; and 

receiving the IPv6 packet at the egress line interface based on the multicast 
address. 

1 2. The method for providmg broadband access to the VPN accordmg to claim 
1 1, further comprising: 

mapping an address of the egress line interface to the address of the destination 
device, based on address information received by the ingress line interface in a 
transmission firom the destination device; and 
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transmitting subsequent IPv6 packets to the destination device using a unicast 
address of the egress line interface based on the mapping. 

13. A system for providing broadband access to a virtual private network 
(VPN), the VPN comprising a plurality of local area networks (LANs) configured to 
interface with an IPv6 service provider network, the system comprising: 

a plurality of interface devices in the service provider network, each interface 
device comprising at least one line interface, each line interface being connectable to 
at least one of the plurality of LANs via a broadband access link; 

wherein a first interface device receives a LAN frame from a first LAN at an 
ingress line interface corresponding to the first LAN, encapsulates the LAN frame in 
an IPv6 packet, and adds a VPN identification number corresponding to the VPN to 
the IPv6 packet, the LAN frame being directed to a second LAN; and 

wherein a second interface device receives the IPv6 packet at an egress line 
interface corresponding to the second LAN, verifies the VPN identification number, 
decapsulates the LAN frame when the VPN identification number is verified, and 
transmits the LAN frame to the second LAN. 

14. The system for providing broadband access to the VPN according to claim 
13, wherein the second interface device discards the IPv6 packet when it is not able 
to verify the VPN identification number. 

15. The system for providing broadband access to the VPN according to claim 
13, in which the IPv6 packet includes the VPN identification number in an optional 
header extension. 

16. The system for providing broadband access to the VPN according to claim 
13, the first interface device further comprising an ingress virtual bridge 
corresponding to the ingress line interface; 
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wherein, when the ingress virtual bridge is not able to associate an address of 
a destination device in the second LAN with an address of the egress line interface of 
the second interface device, the first interface device broadcasts the IPv6 packet to a 
multicast address associated with the VPN; and 

wherein the second interface device receives the IPv6 packet at the egress line 
interface based on the multicast address. 

1 7. The system for providing broadband access to the VPN according to claim 
16, the second interface device further comprising an egress virtual bridge 
corresponding to the egress line interface, the egress virtual bridge mapping an 
address of an originating device in the first LAN with the address of the ingress line 
interface after the second interface device receives the broadcast IPv6 packet; 

wherein the second interface device is able to unicast subsequent IPv6 packets, 
directed to tiie originating device, to the address of the ingress line interface based on 
the mapping. 

18. A method of providing broadband access for a customer in a virtual 
private network (VPN), comprising a plurality of local area networks (LANs) 
interfacing with at least one telecom service provider (TSP) network, each TSP 
network comprising a plurality of interfaces corresponding to the plurality of LANs, 
the method comprising: 

assigning a unique VPN identification number to the customer; 

assigning a common multicast address to the plurality of interfaces and a 
unique unicast address to each of the plurality of interfaces; 

receiving data fi*om an originating LAN, the data being directed to a 
destination device in a destination LAN, the originating LAN corresponding to an 
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ingress interface of the plurality of interfaces and the destination LAN corresponding 
to an egress interface of the plurality of interfaces; 

when an address of the destination device address is not mapped to the 
destination LAN, encapsulating the data in a multicast packet, having the unique 
address of the ingress interface as a source address and the multicast address as a 
destination address; 

transmitting the encapsulated data to all interfaces corresponding to the 
plurality of LANs based on the multicast address; and 

decapsulating the frame only at the egress interface and forwarding the frame 
to the destination device. 

19. The method of providing broadband access according to claim 18, fiirther 
comprising: 

mapping the destination device address to the IPv6 address of the egress 
interface based on address information previously received by the ingress interface 
from the destination device; 

when the destination device address is mapped to the egress interface, 
encapsulating the data in a unicast packet having the unique IPv6 address of the 
ingress interface as the source address and the unique address of the egress interface 
as the destination address; and 

transmitting the encapsulated frame only to the egress interface, based on the 
destination address in the unicast packet. 

20. The method of providing broadband access according to claim 19, fiirther 
comprising: 

entering the VPN identification number in one of the multicast packet and the 
unicast packet; and 



26 



P23664.S03 

reading the VPN identification at the egress interface to verify that the received 
packet is associated with the VPN. 
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